PRIVACY POLICY

 

Premise

Our company uses the information deriving from the interactions with the user and other customers, as well as with some third parties, to provide high quality products and services, in compliance with the relevant legislation, i.e. D.Lgs [Italian Legislative Decree] no. 196/2003 (hereinafter “Privacy Code”) and EU Regulation no. 2016/679 (hereafter “GDPR 2016/679”), laying down provisions for the protection of individuals and other subjects regarding the treatment of personal data. The provision of data is optional; however, failure to provide it may prevent our company from offering adequate products and/or services that are requested.

 

Definitions

The definition of “personal data” refers to any information relating to an identified or identifiable physical person. An identifiable person is a physical person who can be identified, directly or indirectly, specifically with reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more characteristic elements of his/her physical, physiological, genetic, psychological, economic, cultural or social identity.

The term “treatment” means any operation or sets of operations performed on personal data or on sets of personal data, including automated tools, such as collection, recording, organization, arrangement, preservation, adaptation, or the modification, recovery, consultation, use, disclosure by transmission, dissemination or otherwise made available, alignment or combination, limitation, elimination or destruction.

 

Specific categories of personal data

Pursuant to Articles 26 and 27 of Legislative Decree no. 196/2003 and Articles 9 and 10 of EU Regulation no. 2016/679, data may be provided that qualifies as “specific categories of data”, i.e. that data that may reveal “the racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as genetic or biometric data intended to uniquely identify a physical person, and data relating to the health, sex life, or sexual orientation of the person”. These categories of data may be treated only after one provides his/her free and explicit consent, expressed in writing at the time of purchase or when a service is requested.

 

Legal basis

When you purchase an item on our site, create an account or sign an agreement with us, we will treat your common personal information according to those specific purposes. The same will also happen in case of pre-contractual or similar requests from the user. The legal basis that allows us to treat your personal data is contained in Article 6, Paragraph 1, Letter b) of the European Data Protection Regulation (EU) no. 2016/679 (GDPR), since the treatment of the user’s data is necessary for the execution of our contract with the user or the ability to manage pre-contractual and similar requests.

We may also treat your usual personal data on the basis of the rules contained in Article 6, Paragraph 1, Letter f), of the GDPR, unless your fundamental rights and freedoms prevail over our interests.

Our company has a legitimate interest in the treatment of the user’s personal data (name and email address), for both marketing and data analysis purposes. Our legitimate interest is based on your preferences, with the aim of personalizing our offer. Furthermore, we have a legitimate interest in the treatment of your personal data for the purposes of data analysis.

 

Data Controller

The Data Controller is DREAM BOULE MILANO S.r.l., in the person of the legal representative pro tempore Mr. Beniamino Crocco. In terms of the resulting legal responsibilities, the Data Controller is legally responsible for the storage and use of personal information on computers and/or manual files.

Data Protection Officer (DPO)

The Data Protection Officer (DPO) is DREAM BOULE MILANO S.r.l. The Officer in charge of the data treatment is Mr. Beniamino Crocco.

 

Purpose of the treatment

Our company uses information derived from interactions with the user and other customers, as well as specific third parties, to help provide high quality products and services, as well as for analytical purposes.

 

Treatment methods

The treatment of data will be carried out in an automated and/or manual form, as specified below, in compliance with the provisions of Article 32 of the GDPR no. 2016/679 and Annex B of the Legislative Decree no. 196/2003 (Articles 33-36 of the Code), with respect to security measures taken by people specifically appointed by, and in compliance with the provisions of Article 29 of GDPR no. 2016/679.

Specifically, your personal data may be processed in the following ways:

  • for purposes associated with the orders placed;
  • to verify your identity and answer any of your questions, as well as to process your request and offer you the best possible service;
  • to fulfill our obligations arising from contracts that we have entered in with you;
  • to allow the use of interactive features of our services, when you choose to use them;
  • to communicate changes regarding our services, terms, conditions, and policies and/or other administrative information;
  • to manage and keep our records;
  • To manage your account;
  • to memorize your “Wish List”;
  • to personalize the content displayed and propose tailor-made offers;
  • to prevent and/or detect any abuse or fraud;
  • subject to your authorization, we may contact you directly using the contact information provided by you, for marketing, advertising, and market research purposes;
  • analysis of data related to content, internal research, purchases, etc.;
  • retargeting for marketing purposes.

 

Conservation of data

Pursuant to Article 5 of GDPR no. 2016/679, your personal data will be kept for the time necessary to achieve the purposes for which they are collected and processed.

 

Currently, we do not store user data. Starting from October, we will keep the data of registered users for billing and customer archives.

 

Existence of an automated decision-making process, including profiling

To provide adequate service to our users, we adopt automated decision-making processes, including profiling, according to Article 22, paragraphs 1 and 4, of EU Regulation no. 679/2016. Specially, in our website, different technologies may be used, in order to improve and simplify navigation, and make the site more efficient and safe. Such technologies may entail the automatic collection of personal data by us or by third parties on our behalf. Examples of such technologies include cookies, flash cookies, and web analytics. Our website may, from time to time, contain links from and to the websites of our networks and associated partners. In case one of these links is followed, please take into consideration that these websites have their own privacy policies, for which we do not take any responsibility. Before sending any personal data to those websites, please check their policies.

 

Click-stream data: When a user visits our website, some data is sent from the user’s browser to our server, enabling us to optimize our services. The data is automatically collected and stored by us or by third parties on our behalf. Information about the user’s computer may be collected for system administration purposes, as well as for reporting aggregated information for internal marketing analysis purposes. This is data relating to the actions and navigation patterns of our users and may include the visitor’s IP address, data and time of visit, URL of reference (the site from which the visitor was referred from), pages visited and the user’s navigation on our website, and information on the browser used (type, version, operating system, etc.)

 

Currently, these do not exist. From October onward, they will be present, and this section will be fundamental in its explanation of our policies.

 

Cookies:  our website uses cookies. For more information on our use of cookies and the privacy policies of the parties whose web analysis tools we use, or whose plug-ins are integrated on our websites, consult our Cookie Policy.

 

Retargeting technologies: our website uses retargeting technologies that allow us to direct advertising in a direct and personalized way to visitors who have already expressed interest in our products and/or made purchases through our partner websites. Retargeting technologies analyze user cookies and show advertisements based on their previous browsing behavior.

 

Currently, there are no retargeting technologies, and none are forecasted for the future.

 

Data provided by the user

In addition to data collected using automated methods, we also treat the data you have provided. These may include, by way of example:

  • the user’s personal identification data (contact details, title, name and surname, marriage date, date in which first contact occurred, photo, address or billing address, postal code, data of birth, sex, telephone number, email address, credit and debit card details); if someone else’s personal information is provided, the user must ensure that he or she has the right to share it with us;
  • the information provided by the user when registering for an account, or when creating a “Wish List” or participating in a competition, etc.;
  • the information provided by the user through third parties, such as Facebook and other social networks;
  • the information that the user uploads to the site or shares through our site using our services;
  • the preferences and interests that may be stored in the user’s profile;
  • the information provided when a user contacts us to report a problem with our site or to receive technical assistance and/or for clients, etc.

This data is characterized by the fact that they were voluntarily provided by the user. This information is used for the purposes described in this Privacy Policy. The user can modify his personal data at any time and oppose its further treatment as specified above.

 

Scope of communication and diffusion

Moreover, we inform you that the data collected will never be disclosed and will not be communicated without your explicit consent, except for the necessary communications that may involve the transfer of data to public bodies, consultants, or other subjects to fulfill legal obligations.

 

Transfer of personal data

Your data will not be transferred to either the Member States of the European Union or to third Countries outside the European Union. [NO.]

 

Rights of the interested party

Pursuant to Article 7 of Legislative Decree no. 196/2003 and Articles 15 to 22 of EU Regulation no. 2016/679, you can, at any time, exercise the right to:

  1. a) request confirmation of the existence or non-existence of your personal data;
  2. b) obtain information regarding the purposes of the data treatment, the categories of personal data, recipients or categories of recipients to whom the personal data has been or will be communicated, and, where possible, the retention period;
  3. c) obtain data correction and deletion;
  4. d) obtain treatment limitation;
  5. e)   obtain data portability, i.e. receive the data from the Data Controller in a structured format that is commonly used and readable by an automatic device, and transmit them to another Data Controller without any impediments;
  6. f)   oppose, at any time, the treatment of data, also in the case of treatment for direct marketing purposes;
  7. g)   oppose an automated decision-making process concerning individuals, including profiling;
  8. h)  ask the Data Controller to access personal data and to rectify or cancel it, limit its treatment, or oppose its treatment, in addition to the right to data portability;
  1. withdraw consent at any time, without prejudice to the lawfulness of the treatment, based on the consent given prior to its revocation;
  1. j)    propose a complaint to a supervisory authority.

You can exercise your rights with a written request to DREAM BOULE MILANO S.r.l., Piazza Velasca 8, 20122 Milano, or to the email address: dreamboulemilano@legalmail.com.   

 

Information security and data integrity

We take the appropriate technical and organizational measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized use, disclosure, or access, particularly where the treatment involves the transmission of data over a network, and against all other forms of unlawful treatment and improper use.

 

Consequences of the failure to disclose personal data

You may not be able to create an account or make a purchase on our website if you are unable to provide certain information that is requested.

 

Changes to this policy

We have committed ourselves to respecting the fundamental principles of privacy and data protection. This Privacy Policy may be occasionally amended, to update you regarding new developments and regulations. Any changes we may make to our Privacy Policy in the future will be published on this page, and, if necessary, may be communicated to the user via email.

Last updated: July 2018